PyPI - pulumi-vault - Versions diffs - 7.1.0__py3-none-any.whl → 7.2.0__py3-none-any.whl - Mend

pulumi-vault 7.1.0py3-none-any.whl → 7.2.0py3-none-any.whl

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (269) hide show

pulumi_vault/__init__.py +19 -1
pulumi_vault/_inputs.py +873 -673
pulumi_vault/ad/__init__.py +1 -1
pulumi_vault/ad/get_access_credentials.py +27 -28
pulumi_vault/ad/secret_backend.py +579 -580
pulumi_vault/ad/secret_library.py +120 -121
pulumi_vault/ad/secret_role.py +104 -105
pulumi_vault/alicloud/__init__.py +1 -1
pulumi_vault/alicloud/auth_backend_role.py +222 -223
pulumi_vault/approle/__init__.py +1 -1
pulumi_vault/approle/auth_backend_login.py +138 -139
pulumi_vault/approle/auth_backend_role.py +292 -293
pulumi_vault/approle/auth_backend_role_secret_id.py +202 -203
pulumi_vault/approle/get_auth_backend_role_id.py +23 -24
pulumi_vault/audit.py +103 -104
pulumi_vault/audit_request_header.py +52 -53
pulumi_vault/auth_backend.py +132 -133
pulumi_vault/aws/__init__.py +1 -1
pulumi_vault/aws/auth_backend_cert.py +86 -87
pulumi_vault/aws/auth_backend_client.py +307 -308
pulumi_vault/aws/auth_backend_config_identity.py +103 -104
pulumi_vault/aws/auth_backend_identity_whitelist.py +69 -70
pulumi_vault/aws/auth_backend_login.py +258 -259
pulumi_vault/aws/auth_backend_role.py +486 -487
pulumi_vault/aws/auth_backend_role_tag.py +155 -156
pulumi_vault/aws/auth_backend_roletag_blacklist.py +69 -70
pulumi_vault/aws/auth_backend_sts_role.py +86 -87
pulumi_vault/aws/get_access_credentials.py +59 -60
pulumi_vault/aws/get_static_access_credentials.py +19 -20
pulumi_vault/aws/secret_backend.py +1016 -439
pulumi_vault/aws/secret_backend_role.py +256 -257
pulumi_vault/aws/secret_backend_static_role.py +137 -138
pulumi_vault/azure/__init__.py +1 -1
pulumi_vault/azure/_inputs.py +26 -27
pulumi_vault/azure/auth_backend_config.py +222 -223
pulumi_vault/azure/auth_backend_role.py +307 -308
pulumi_vault/azure/backend.py +1057 -285
pulumi_vault/azure/backend_role.py +194 -195
pulumi_vault/azure/get_access_credentials.py +75 -76
pulumi_vault/azure/outputs.py +16 -17
pulumi_vault/cert_auth_backend_role.py +443 -444
pulumi_vault/config/__init__.py +1 -1
pulumi_vault/config/__init__.pyi +1 -2
pulumi_vault/config/_inputs.py +13 -14
pulumi_vault/config/outputs.py +380 -381
pulumi_vault/config/ui_custom_message.py +140 -141
pulumi_vault/config/vars.py +31 -32
pulumi_vault/consul/__init__.py +1 -1
pulumi_vault/consul/secret_backend.py +887 -256
pulumi_vault/consul/secret_backend_role.py +222 -223
pulumi_vault/database/__init__.py +1 -1
pulumi_vault/database/_inputs.py +3167 -3168
pulumi_vault/database/outputs.py +2123 -2124
pulumi_vault/database/secret_backend_connection.py +259 -260
pulumi_vault/database/secret_backend_role.py +205 -206
pulumi_vault/database/secret_backend_static_role.py +218 -219
pulumi_vault/database/secrets_mount.py +426 -380
pulumi_vault/egp_policy.py +86 -87
pulumi_vault/gcp/__init__.py +1 -1
pulumi_vault/gcp/_inputs.py +98 -99
pulumi_vault/gcp/auth_backend.py +322 -323
pulumi_vault/gcp/auth_backend_role.py +347 -348
pulumi_vault/gcp/get_auth_backend_role.py +91 -92
pulumi_vault/gcp/outputs.py +66 -67
pulumi_vault/gcp/secret_backend.py +878 -336
pulumi_vault/gcp/secret_impersonated_account.py +112 -113
pulumi_vault/gcp/secret_roleset.py +115 -116
pulumi_vault/gcp/secret_static_account.py +115 -116
pulumi_vault/generic/__init__.py +1 -1
pulumi_vault/generic/endpoint.py +138 -139
pulumi_vault/generic/get_secret.py +39 -40
pulumi_vault/generic/secret.py +95 -96
pulumi_vault/get_auth_backend.py +29 -30
pulumi_vault/get_auth_backends.py +19 -20
pulumi_vault/get_namespace.py +21 -22
pulumi_vault/get_namespaces.py +19 -20
pulumi_vault/get_nomad_access_token.py +25 -26
pulumi_vault/get_policy_document.py +10 -11
pulumi_vault/get_raft_autopilot_state.py +31 -32
pulumi_vault/github/__init__.py +1 -1
pulumi_vault/github/_inputs.py +50 -51
pulumi_vault/github/auth_backend.py +285 -286
pulumi_vault/github/outputs.py +34 -35
pulumi_vault/github/team.py +69 -70
pulumi_vault/github/user.py +69 -70
pulumi_vault/identity/__init__.py +1 -1
pulumi_vault/identity/entity.py +103 -104
pulumi_vault/identity/entity_alias.py +86 -87
pulumi_vault/identity/entity_policies.py +78 -79
pulumi_vault/identity/get_entity.py +62 -63
pulumi_vault/identity/get_group.py +75 -76
pulumi_vault/identity/get_oidc_client_creds.py +19 -20
pulumi_vault/identity/get_oidc_openid_config.py +39 -40
pulumi_vault/identity/get_oidc_public_keys.py +17 -18
pulumi_vault/identity/group.py +171 -172
pulumi_vault/identity/group_alias.py +69 -70
pulumi_vault/identity/group_member_entity_ids.py +69 -70
pulumi_vault/identity/group_member_group_ids.py +69 -70
pulumi_vault/identity/group_policies.py +78 -79
pulumi_vault/identity/mfa_duo.py +183 -184
pulumi_vault/identity/mfa_login_enforcement.py +147 -148
pulumi_vault/identity/mfa_okta.py +166 -167
pulumi_vault/identity/mfa_pingid.py +160 -161
pulumi_vault/identity/mfa_totp.py +217 -218
pulumi_vault/identity/oidc.py +35 -36
pulumi_vault/identity/oidc_assignment.py +69 -70
pulumi_vault/identity/oidc_client.py +155 -156
pulumi_vault/identity/oidc_key.py +103 -104
pulumi_vault/identity/oidc_key_allowed_client_id.py +52 -53
pulumi_vault/identity/oidc_provider.py +112 -113
pulumi_vault/identity/oidc_role.py +103 -104
pulumi_vault/identity/oidc_scope.py +69 -70
pulumi_vault/identity/outputs.py +42 -43
pulumi_vault/jwt/__init__.py +1 -1
pulumi_vault/jwt/_inputs.py +50 -51
pulumi_vault/jwt/auth_backend.py +400 -354
pulumi_vault/jwt/auth_backend_role.py +494 -495
pulumi_vault/jwt/outputs.py +34 -35
pulumi_vault/kmip/__init__.py +1 -1
pulumi_vault/kmip/secret_backend.py +1006 -227
pulumi_vault/kmip/secret_role.py +358 -359
pulumi_vault/kmip/secret_scope.py +69 -70
pulumi_vault/kubernetes/__init__.py +1 -1
pulumi_vault/kubernetes/auth_backend_config.py +171 -172
pulumi_vault/kubernetes/auth_backend_role.py +273 -274
pulumi_vault/kubernetes/get_auth_backend_config.py +57 -58
pulumi_vault/kubernetes/get_auth_backend_role.py +87 -88
pulumi_vault/kubernetes/get_service_account_token.py +51 -52
pulumi_vault/kubernetes/secret_backend.py +431 -385
pulumi_vault/kubernetes/secret_backend_role.py +239 -240
pulumi_vault/kv/__init__.py +1 -1
pulumi_vault/kv/_inputs.py +25 -26
pulumi_vault/kv/get_secret.py +25 -26
pulumi_vault/kv/get_secret_subkeys_v2.py +39 -40
pulumi_vault/kv/get_secret_v2.py +41 -42
pulumi_vault/kv/get_secrets_list.py +17 -18
pulumi_vault/kv/get_secrets_list_v2.py +25 -26
pulumi_vault/kv/outputs.py +17 -18
pulumi_vault/kv/secret.py +61 -62
pulumi_vault/kv/secret_backend_v2.py +86 -87
pulumi_vault/kv/secret_v2.py +184 -185
pulumi_vault/ldap/__init__.py +1 -1
pulumi_vault/ldap/auth_backend.py +716 -717
pulumi_vault/ldap/auth_backend_group.py +69 -70
pulumi_vault/ldap/auth_backend_user.py +86 -87
pulumi_vault/ldap/get_dynamic_credentials.py +27 -28
pulumi_vault/ldap/get_static_credentials.py +29 -30
pulumi_vault/ldap/secret_backend.py +732 -693
pulumi_vault/ldap/secret_backend_dynamic_role.py +154 -155
pulumi_vault/ldap/secret_backend_library_set.py +120 -121
pulumi_vault/ldap/secret_backend_static_role.py +120 -121
pulumi_vault/managed/__init__.py +1 -1
pulumi_vault/managed/_inputs.py +274 -275
pulumi_vault/managed/keys.py +27 -28
pulumi_vault/managed/outputs.py +184 -185
pulumi_vault/mfa_duo.py +137 -138
pulumi_vault/mfa_okta.py +137 -138
pulumi_vault/mfa_pingid.py +149 -150
pulumi_vault/mfa_totp.py +154 -155
pulumi_vault/mongodbatlas/__init__.py +1 -1
pulumi_vault/mongodbatlas/secret_backend.py +78 -79
pulumi_vault/mongodbatlas/secret_role.py +188 -189
pulumi_vault/mount.py +380 -334
pulumi_vault/namespace.py +78 -79
pulumi_vault/nomad_secret_backend.py +909 -271
pulumi_vault/nomad_secret_role.py +103 -104
pulumi_vault/oci_auth_backend.py +683 -0
pulumi_vault/oci_auth_backend_role.py +798 -0
pulumi_vault/okta/__init__.py +1 -1
pulumi_vault/okta/_inputs.py +31 -32
pulumi_vault/okta/auth_backend.py +305 -306
pulumi_vault/okta/auth_backend_group.py +69 -70
pulumi_vault/okta/auth_backend_user.py +86 -87
pulumi_vault/okta/outputs.py +21 -22
pulumi_vault/outputs.py +234 -82
pulumi_vault/pkisecret/__init__.py +1 -1
pulumi_vault/pkisecret/_inputs.py +55 -56
pulumi_vault/pkisecret/backend_acme_eab.py +116 -117
pulumi_vault/pkisecret/backend_config_acme.py +175 -176
pulumi_vault/pkisecret/backend_config_auto_tidy.py +394 -395
pulumi_vault/pkisecret/backend_config_cluster.py +71 -72
pulumi_vault/pkisecret/backend_config_cmpv2.py +132 -133
pulumi_vault/pkisecret/backend_config_est.py +149 -150
pulumi_vault/pkisecret/backend_config_scep.py +205 -159
pulumi_vault/pkisecret/get_backend_cert_metadata.py +37 -38
pulumi_vault/pkisecret/get_backend_config_cmpv2.py +32 -33
pulumi_vault/pkisecret/get_backend_config_est.py +30 -31
pulumi_vault/pkisecret/get_backend_config_scep.py +50 -31
pulumi_vault/pkisecret/get_backend_issuer.py +63 -64
pulumi_vault/pkisecret/get_backend_issuers.py +23 -24
pulumi_vault/pkisecret/get_backend_key.py +29 -30
pulumi_vault/pkisecret/get_backend_keys.py +23 -24
pulumi_vault/pkisecret/outputs.py +61 -62
pulumi_vault/pkisecret/secret_backend_cert.py +415 -416
pulumi_vault/pkisecret/secret_backend_config_ca.py +54 -55
pulumi_vault/pkisecret/secret_backend_config_issuers.py +75 -76
pulumi_vault/pkisecret/secret_backend_config_urls.py +105 -106
pulumi_vault/pkisecret/secret_backend_crl_config.py +241 -242
pulumi_vault/pkisecret/secret_backend_intermediate_cert_request.py +515 -516
pulumi_vault/pkisecret/secret_backend_intermediate_set_signed.py +78 -79
pulumi_vault/pkisecret/secret_backend_issuer.py +286 -287
pulumi_vault/pkisecret/secret_backend_key.py +146 -147
pulumi_vault/pkisecret/secret_backend_role.py +873 -874
pulumi_vault/pkisecret/secret_backend_root_cert.py +677 -678
pulumi_vault/pkisecret/secret_backend_root_sign_intermediate.py +660 -661
pulumi_vault/pkisecret/secret_backend_sign.py +346 -347
pulumi_vault/plugin.py +154 -155
pulumi_vault/plugin_pinned_version.py +52 -53
pulumi_vault/policy.py +52 -53
pulumi_vault/provider.py +160 -161
pulumi_vault/pulumi-plugin.json +1 -1
pulumi_vault/quota_lease_count.py +103 -104
pulumi_vault/quota_rate_limit.py +171 -172
pulumi_vault/rabbitmq/__init__.py +1 -1
pulumi_vault/rabbitmq/_inputs.py +50 -51
pulumi_vault/rabbitmq/outputs.py +34 -35
pulumi_vault/rabbitmq/secret_backend.py +902 -231
pulumi_vault/rabbitmq/secret_backend_role.py +79 -80
pulumi_vault/raft_autopilot.py +137 -138
pulumi_vault/raft_snapshot_agent_config.py +477 -478
pulumi_vault/rgp_policy.py +69 -70
pulumi_vault/saml/__init__.py +1 -1
pulumi_vault/saml/auth_backend.py +188 -189
pulumi_vault/saml/auth_backend_role.py +290 -291
pulumi_vault/scep_auth_backend_role.py +252 -253
pulumi_vault/secrets/__init__.py +1 -1
pulumi_vault/secrets/_inputs.py +19 -20
pulumi_vault/secrets/outputs.py +13 -14
pulumi_vault/secrets/sync_association.py +88 -89
pulumi_vault/secrets/sync_aws_destination.py +180 -181
pulumi_vault/secrets/sync_azure_destination.py +180 -181
pulumi_vault/secrets/sync_config.py +52 -53
pulumi_vault/secrets/sync_gcp_destination.py +129 -130
pulumi_vault/secrets/sync_gh_destination.py +163 -164
pulumi_vault/secrets/sync_github_apps.py +78 -79
pulumi_vault/secrets/sync_vercel_destination.py +146 -147
pulumi_vault/ssh/__init__.py +1 -1
pulumi_vault/ssh/_inputs.py +13 -14
pulumi_vault/ssh/get_secret_backend_sign.py +65 -66
pulumi_vault/ssh/outputs.py +9 -10
pulumi_vault/ssh/secret_backend_ca.py +217 -124
pulumi_vault/ssh/secret_backend_role.py +446 -447
pulumi_vault/terraformcloud/__init__.py +1 -1
pulumi_vault/terraformcloud/secret_backend.py +833 -155
pulumi_vault/terraformcloud/secret_creds.py +93 -94
pulumi_vault/terraformcloud/secret_role.py +117 -118
pulumi_vault/token.py +301 -302
pulumi_vault/tokenauth/__init__.py +1 -1
pulumi_vault/tokenauth/auth_backend_role.py +324 -325
pulumi_vault/transform/__init__.py +1 -1
pulumi_vault/transform/alphabet.py +69 -70
pulumi_vault/transform/get_decode.py +57 -58
pulumi_vault/transform/get_encode.py +57 -58
pulumi_vault/transform/role.py +69 -70
pulumi_vault/transform/template.py +137 -138
pulumi_vault/transform/transformation.py +171 -172
pulumi_vault/transit/__init__.py +1 -1
pulumi_vault/transit/get_cmac.py +47 -48
pulumi_vault/transit/get_decrypt.py +25 -26
pulumi_vault/transit/get_encrypt.py +29 -30
pulumi_vault/transit/get_sign.py +71 -72
pulumi_vault/transit/get_verify.py +83 -84
pulumi_vault/transit/secret_backend_key.py +377 -350
pulumi_vault/transit/secret_cache_config.py +52 -53
{pulumi_vault-7.1.0.dist-info → pulumi_vault-7.2.0.dist-info}/METADATA +1 -1
pulumi_vault-7.2.0.dist-info/RECORD +270 -0
pulumi_vault-7.1.0.dist-info/RECORD +0 -268
{pulumi_vault-7.1.0.dist-info → pulumi_vault-7.2.0.dist-info}/WHEEL +0 -0
{pulumi_vault-7.1.0.dist-info → pulumi_vault-7.2.0.dist-info}/top_level.txt +0 -0

pulumi_vault/transit/secret_backend_key.py CHANGED Viewed

@@ -2,8 +2,7 @@
 # *** WARNING: this file was generated by pulumi-language-python. ***
 # *** Do not edit by hand unless you're certain you know what you are doing! ***
-import builtins
-import copy
+import builtins as _builtins
 import warnings
 import sys
 import pulumi
@@ -20,48 +19,52 @@ __all__ = ['SecretBackendKeyArgs', 'SecretBackendKey']
 @pulumi.input_type
 class SecretBackendKeyArgs:
     def __init__(__self__, *,
-                 backend: pulumi.Input[builtins.str],
-                 allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
-                 auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
-                 convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
-                 deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
-                 derived: Optional[pulumi.Input[builtins.bool]] = None,
-                 exportable: Optional[pulumi.Input[builtins.bool]] = None,
-                 hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
-                 hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
-                 key_size: Optional[pulumi.Input[builtins.int]] = None,
-                 min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
-                 min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 parameter_set: Optional[pulumi.Input[builtins.str]] = None,
-                 type: Optional[pulumi.Input[builtins.str]] = None):
+                 backend: pulumi.Input[_builtins.str],
+                 allow_plaintext_backup: Optional[pulumi.Input[_builtins.bool]] = None,
+                 auto_rotate_period: Optional[pulumi.Input[_builtins.int]] = None,
+                 convergent_encryption: Optional[pulumi.Input[_builtins.bool]] = None,
+                 deletion_allowed: Optional[pulumi.Input[_builtins.bool]] = None,
+                 derived: Optional[pulumi.Input[_builtins.bool]] = None,
+                 exportable: Optional[pulumi.Input[_builtins.bool]] = None,
+                 hybrid_key_type_ec: Optional[pulumi.Input[_builtins.str]] = None,
+                 hybrid_key_type_pqc: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_size: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_decryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_encryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 parameter_set: Optional[pulumi.Input[_builtins.str]] = None,
+                 type: Optional[pulumi.Input[_builtins.str]] = None):
         """
         The set of arguments for constructing a SecretBackendKey resource.
-        :param pulumi.Input[builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
-        :param pulumi.Input[builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
+        :param pulumi.Input[_builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
                * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
-        :param pulumi.Input[builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
+        :param pulumi.Input[_builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
                A value of 0 disables automatic rotation for the key.
-        :param pulumi.Input[builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
-        :param pulumi.Input[builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
-        :param pulumi.Input[builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
-        :param pulumi.Input[builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
-        :param pulumi.Input[builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
+        :param pulumi.Input[_builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
+        :param pulumi.Input[_builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
+        :param pulumi.Input[_builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
+        :param pulumi.Input[_builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
+        :param pulumi.Input[_builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
                Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
-        :param pulumi.Input[builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
+        :param pulumi.Input[_builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
                Currently, ML-DSA is the only supported key type.
-        :param pulumi.Input[builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
-        :param pulumi.Input[builtins.int] min_decryption_version: Minimum key version to use for decryption.
-        :param pulumi.Input[builtins.int] min_encryption_version: Minimum key version to use for encryption
-        :param pulumi.Input[builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
+        :param pulumi.Input[_builtins.int] min_decryption_version: Minimum key version to use for decryption.
+        :param pulumi.Input[_builtins.int] min_encryption_version: Minimum key version to use for encryption
+        :param pulumi.Input[_builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
-               ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
-        :param pulumi.Input[builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
+        :param pulumi.Input[_builtins.str] parameter_set: The parameter set to use for ML-DSA or SLH-DSA. Required for
+               ML-DSA, hybrid, and SLH-DSA keys.
+               Valid values for ML-DSA are `44`, `65`, and `87`.
+               Valid values for SLH-DSA are `slh-dsa-sha2-128s`, `slh-dsa-shake-128s`, `slh-dsa-sha2-128f`, `slh-dsa-shake-128`, `slh-dsa-sha2-192s`,
+               `slh-dsa-shake-192s`, `slh-dsa-sha2-192f`, `slh-dsa-shake-192f`, `slh-dsa-sha2-256s`, `slh-dsa-shake-256s`,
+               `slh-dsa-sha2-256f`, and `slh-dsa-shake-256f`.
+        :param pulumi.Input[_builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072`, `rsa-4096`, `managed_key`, `aes128-cmac`, `aes192-cmac`, `aes256-cmac`, `ml-dsa`, `hybrid`, and `slh-dsa`.
                * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
         """
         pulumi.set(__self__, "backend", backend)
@@ -96,21 +99,21 @@ class SecretBackendKeyArgs:
         if type is not None:
             pulumi.set(__self__, "type", type)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def backend(self) -> pulumi.Input[builtins.str]:
+    def backend(self) -> pulumi.Input[_builtins.str]:
         """
         The path the transit secret backend is mounted at, with no leading or trailing `/`s.
         """
         return pulumi.get(self, "backend")
     @backend.setter
-    def backend(self, value: pulumi.Input[builtins.str]):
+    def backend(self, value: pulumi.Input[_builtins.str]):
         pulumi.set(self, "backend", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowPlaintextBackup")
-    def allow_plaintext_backup(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_plaintext_backup(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
         * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
@@ -118,12 +121,12 @@ class SecretBackendKeyArgs:
         return pulumi.get(self, "allow_plaintext_backup")
     @allow_plaintext_backup.setter
-    def allow_plaintext_backup(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_plaintext_backup(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_plaintext_backup", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="autoRotatePeriod")
-    def auto_rotate_period(self) -> Optional[pulumi.Input[builtins.int]]:
+    def auto_rotate_period(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Amount of seconds the key should live before being automatically rotated.
         A value of 0 disables automatic rotation for the key.
@@ -131,60 +134,60 @@ class SecretBackendKeyArgs:
         return pulumi.get(self, "auto_rotate_period")
     @auto_rotate_period.setter
-    def auto_rotate_period(self, value: Optional[pulumi.Input[builtins.int]]):
+    def auto_rotate_period(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "auto_rotate_period", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="convergentEncryption")
-    def convergent_encryption(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def convergent_encryption(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
         """
         return pulumi.get(self, "convergent_encryption")
     @convergent_encryption.setter
-    def convergent_encryption(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def convergent_encryption(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "convergent_encryption", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="deletionAllowed")
-    def deletion_allowed(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def deletion_allowed(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Specifies if the key is allowed to be deleted.
         """
         return pulumi.get(self, "deletion_allowed")
     @deletion_allowed.setter
-    def deletion_allowed(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def deletion_allowed(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "deletion_allowed", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def derived(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def derived(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
         """
         return pulumi.get(self, "derived")
     @derived.setter
-    def derived(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def derived(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "derived", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def exportable(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def exportable(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
         """
         return pulumi.get(self, "exportable")
     @exportable.setter
-    def exportable(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def exportable(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "exportable", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="hybridKeyTypeEc")
-    def hybrid_key_type_ec(self) -> Optional[pulumi.Input[builtins.str]]:
+    def hybrid_key_type_ec(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The elliptic curve algorithm to use for hybrid signatures.
         Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
@@ -192,12 +195,12 @@ class SecretBackendKeyArgs:
         return pulumi.get(self, "hybrid_key_type_ec")
     @hybrid_key_type_ec.setter
-    def hybrid_key_type_ec(self, value: Optional[pulumi.Input[builtins.str]]):
+    def hybrid_key_type_ec(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "hybrid_key_type_ec", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="hybridKeyTypePqc")
-    def hybrid_key_type_pqc(self) -> Optional[pulumi.Input[builtins.str]]:
+    def hybrid_key_type_pqc(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The post-quantum algorithm to use for hybrid signatures.
         Currently, ML-DSA is the only supported key type.
@@ -205,60 +208,60 @@ class SecretBackendKeyArgs:
         return pulumi.get(self, "hybrid_key_type_pqc")
     @hybrid_key_type_pqc.setter
-    def hybrid_key_type_pqc(self, value: Optional[pulumi.Input[builtins.str]]):
+    def hybrid_key_type_pqc(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "hybrid_key_type_pqc", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="keySize")
-    def key_size(self) -> Optional[pulumi.Input[builtins.int]]:
+    def key_size(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
         """
         return pulumi.get(self, "key_size")
     @key_size.setter
-    def key_size(self, value: Optional[pulumi.Input[builtins.int]]):
+    def key_size(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "key_size", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="minDecryptionVersion")
-    def min_decryption_version(self) -> Optional[pulumi.Input[builtins.int]]:
+    def min_decryption_version(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Minimum key version to use for decryption.
         """
         return pulumi.get(self, "min_decryption_version")
     @min_decryption_version.setter
-    def min_decryption_version(self, value: Optional[pulumi.Input[builtins.int]]):
+    def min_decryption_version(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "min_decryption_version", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="minEncryptionVersion")
-    def min_encryption_version(self) -> Optional[pulumi.Input[builtins.int]]:
+    def min_encryption_version(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Minimum key version to use for encryption
         """
         return pulumi.get(self, "min_encryption_version")
     @min_encryption_version.setter
-    def min_encryption_version(self, value: Optional[pulumi.Input[builtins.int]]):
+    def min_encryption_version(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "min_encryption_version", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[builtins.str]]:
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The name to identify this key within the backend. Must be unique within the backend.
         """
         return pulumi.get(self, "name")
     @name.setter
-    def name(self, value: Optional[pulumi.Input[builtins.str]]):
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "name", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -268,97 +271,105 @@ class SecretBackendKeyArgs:
         return pulumi.get(self, "namespace")
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "namespace", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="parameterSet")
-    def parameter_set(self) -> Optional[pulumi.Input[builtins.str]]:
+    def parameter_set(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
-        The parameter set to use for ML-DSA. Required for
-        ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
+        The parameter set to use for ML-DSA or SLH-DSA. Required for
+        ML-DSA, hybrid, and SLH-DSA keys.
+        Valid values for ML-DSA are `44`, `65`, and `87`.
+        Valid values for SLH-DSA are `slh-dsa-sha2-128s`, `slh-dsa-shake-128s`, `slh-dsa-sha2-128f`, `slh-dsa-shake-128`, `slh-dsa-sha2-192s`,
+        `slh-dsa-shake-192s`, `slh-dsa-sha2-192f`, `slh-dsa-shake-192f`, `slh-dsa-sha2-256s`, `slh-dsa-shake-256s`,
+        `slh-dsa-sha2-256f`, and `slh-dsa-shake-256f`.
         """
         return pulumi.get(self, "parameter_set")
     @parameter_set.setter
-    def parameter_set(self, value: Optional[pulumi.Input[builtins.str]]):
+    def parameter_set(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "parameter_set", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def type(self) -> Optional[pulumi.Input[builtins.str]]:
+    def type(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
-        Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
+        Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072`, `rsa-4096`, `managed_key`, `aes128-cmac`, `aes192-cmac`, `aes256-cmac`, `ml-dsa`, `hybrid`, and `slh-dsa`.
         * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
         """
         return pulumi.get(self, "type")
     @type.setter
-    def type(self, value: Optional[pulumi.Input[builtins.str]]):
+    def type(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "type", value)
 @pulumi.input_type
 class _SecretBackendKeyState:
     def __init__(__self__, *,
-                 allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
-                 auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
-                 backend: Optional[pulumi.Input[builtins.str]] = None,
-                 convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
-                 deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
-                 derived: Optional[pulumi.Input[builtins.bool]] = None,
-                 exportable: Optional[pulumi.Input[builtins.bool]] = None,
-                 hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
-                 hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
-                 key_size: Optional[pulumi.Input[builtins.int]] = None,
-                 keys: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]] = None,
-                 latest_version: Optional[pulumi.Input[builtins.int]] = None,
-                 min_available_version: Optional[pulumi.Input[builtins.int]] = None,
-                 min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
-                 min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 parameter_set: Optional[pulumi.Input[builtins.str]] = None,
-                 supports_decryption: Optional[pulumi.Input[builtins.bool]] = None,
-                 supports_derivation: Optional[pulumi.Input[builtins.bool]] = None,
-                 supports_encryption: Optional[pulumi.Input[builtins.bool]] = None,
-                 supports_signing: Optional[pulumi.Input[builtins.bool]] = None,
-                 type: Optional[pulumi.Input[builtins.str]] = None):
+                 allow_plaintext_backup: Optional[pulumi.Input[_builtins.bool]] = None,
+                 auto_rotate_period: Optional[pulumi.Input[_builtins.int]] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 convergent_encryption: Optional[pulumi.Input[_builtins.bool]] = None,
+                 deletion_allowed: Optional[pulumi.Input[_builtins.bool]] = None,
+                 derived: Optional[pulumi.Input[_builtins.bool]] = None,
+                 exportable: Optional[pulumi.Input[_builtins.bool]] = None,
+                 hybrid_key_type_ec: Optional[pulumi.Input[_builtins.str]] = None,
+                 hybrid_key_type_pqc: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_size: Optional[pulumi.Input[_builtins.int]] = None,
+                 keys: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]] = None,
+                 latest_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_available_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_decryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_encryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 parameter_set: Optional[pulumi.Input[_builtins.str]] = None,
+                 supports_decryption: Optional[pulumi.Input[_builtins.bool]] = None,
+                 supports_derivation: Optional[pulumi.Input[_builtins.bool]] = None,
+                 supports_encryption: Optional[pulumi.Input[_builtins.bool]] = None,
+                 supports_signing: Optional[pulumi.Input[_builtins.bool]] = None,
+                 type: Optional[pulumi.Input[_builtins.str]] = None):
         """
         Input properties used for looking up and filtering SecretBackendKey resources.
-        :param pulumi.Input[builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
+        :param pulumi.Input[_builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
                * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
-        :param pulumi.Input[builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
+        :param pulumi.Input[_builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
                A value of 0 disables automatic rotation for the key.
-        :param pulumi.Input[builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
-        :param pulumi.Input[builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
-        :param pulumi.Input[builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
-        :param pulumi.Input[builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
-        :param pulumi.Input[builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
-        :param pulumi.Input[builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
+        :param pulumi.Input[_builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
+        :param pulumi.Input[_builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
+        :param pulumi.Input[_builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
+        :param pulumi.Input[_builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
+        :param pulumi.Input[_builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
                Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
-        :param pulumi.Input[builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
+        :param pulumi.Input[_builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
                Currently, ML-DSA is the only supported key type.
-        :param pulumi.Input[builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
-        :param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]] keys: List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
+        :param pulumi.Input[_builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
+        :param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]] keys: List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
                * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
                * for key types `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`, each key version will be a map of the following:
-        :param pulumi.Input[builtins.int] latest_version: Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
-        :param pulumi.Input[builtins.int] min_available_version: Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
-        :param pulumi.Input[builtins.int] min_decryption_version: Minimum key version to use for decryption.
-        :param pulumi.Input[builtins.int] min_encryption_version: Minimum key version to use for encryption
-        :param pulumi.Input[builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.int] latest_version: Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
+        :param pulumi.Input[_builtins.int] min_available_version: Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
+        :param pulumi.Input[_builtins.int] min_decryption_version: Minimum key version to use for decryption.
+        :param pulumi.Input[_builtins.int] min_encryption_version: Minimum key version to use for encryption
+        :param pulumi.Input[_builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
-               ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
-        :param pulumi.Input[builtins.bool] supports_decryption: Whether or not the key supports decryption, based on key type.
-        :param pulumi.Input[builtins.bool] supports_derivation: Whether or not the key supports derivation, based on key type.
-        :param pulumi.Input[builtins.bool] supports_encryption: Whether or not the key supports encryption, based on key type.
-        :param pulumi.Input[builtins.bool] supports_signing: Whether or not the key supports signing, based on key type.
-        :param pulumi.Input[builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
+        :param pulumi.Input[_builtins.str] parameter_set: The parameter set to use for ML-DSA or SLH-DSA. Required for
+               ML-DSA, hybrid, and SLH-DSA keys.
+               Valid values for ML-DSA are `44`, `65`, and `87`.
+               Valid values for SLH-DSA are `slh-dsa-sha2-128s`, `slh-dsa-shake-128s`, `slh-dsa-sha2-128f`, `slh-dsa-shake-128`, `slh-dsa-sha2-192s`,
+               `slh-dsa-shake-192s`, `slh-dsa-sha2-192f`, `slh-dsa-shake-192f`, `slh-dsa-sha2-256s`, `slh-dsa-shake-256s`,
+               `slh-dsa-sha2-256f`, and `slh-dsa-shake-256f`.
+        :param pulumi.Input[_builtins.bool] supports_decryption: Whether or not the key supports decryption, based on key type.
+        :param pulumi.Input[_builtins.bool] supports_derivation: Whether or not the key supports derivation, based on key type.
+        :param pulumi.Input[_builtins.bool] supports_encryption: Whether or not the key supports encryption, based on key type.
+        :param pulumi.Input[_builtins.bool] supports_signing: Whether or not the key supports signing, based on key type.
+        :param pulumi.Input[_builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072`, `rsa-4096`, `managed_key`, `aes128-cmac`, `aes192-cmac`, `aes256-cmac`, `ml-dsa`, `hybrid`, and `slh-dsa`.
                * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
         """
         if allow_plaintext_backup is not None:
@@ -408,9 +419,9 @@ class _SecretBackendKeyState:
         if type is not None:
             pulumi.set(__self__, "type", type)
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowPlaintextBackup")
-    def allow_plaintext_backup(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def allow_plaintext_backup(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
         * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
@@ -418,12 +429,12 @@ class _SecretBackendKeyState:
         return pulumi.get(self, "allow_plaintext_backup")
     @allow_plaintext_backup.setter
-    def allow_plaintext_backup(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def allow_plaintext_backup(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "allow_plaintext_backup", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="autoRotatePeriod")
-    def auto_rotate_period(self) -> Optional[pulumi.Input[builtins.int]]:
+    def auto_rotate_period(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Amount of seconds the key should live before being automatically rotated.
         A value of 0 disables automatic rotation for the key.
@@ -431,72 +442,72 @@ class _SecretBackendKeyState:
         return pulumi.get(self, "auto_rotate_period")
     @auto_rotate_period.setter
-    def auto_rotate_period(self, value: Optional[pulumi.Input[builtins.int]]):
+    def auto_rotate_period(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "auto_rotate_period", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def backend(self) -> Optional[pulumi.Input[builtins.str]]:
+    def backend(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The path the transit secret backend is mounted at, with no leading or trailing `/`s.
         """
         return pulumi.get(self, "backend")
     @backend.setter
-    def backend(self, value: Optional[pulumi.Input[builtins.str]]):
+    def backend(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "backend", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="convergentEncryption")
-    def convergent_encryption(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def convergent_encryption(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
         """
         return pulumi.get(self, "convergent_encryption")
     @convergent_encryption.setter
-    def convergent_encryption(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def convergent_encryption(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "convergent_encryption", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="deletionAllowed")
-    def deletion_allowed(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def deletion_allowed(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Specifies if the key is allowed to be deleted.
         """
         return pulumi.get(self, "deletion_allowed")
     @deletion_allowed.setter
-    def deletion_allowed(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def deletion_allowed(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "deletion_allowed", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def derived(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def derived(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
         """
         return pulumi.get(self, "derived")
     @derived.setter
-    def derived(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def derived(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "derived", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def exportable(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def exportable(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
         """
         return pulumi.get(self, "exportable")
     @exportable.setter
-    def exportable(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def exportable(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "exportable", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="hybridKeyTypeEc")
-    def hybrid_key_type_ec(self) -> Optional[pulumi.Input[builtins.str]]:
+    def hybrid_key_type_ec(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The elliptic curve algorithm to use for hybrid signatures.
         Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
@@ -504,12 +515,12 @@ class _SecretBackendKeyState:
         return pulumi.get(self, "hybrid_key_type_ec")
     @hybrid_key_type_ec.setter
-    def hybrid_key_type_ec(self, value: Optional[pulumi.Input[builtins.str]]):
+    def hybrid_key_type_ec(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "hybrid_key_type_ec", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="hybridKeyTypePqc")
-    def hybrid_key_type_pqc(self) -> Optional[pulumi.Input[builtins.str]]:
+    def hybrid_key_type_pqc(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The post-quantum algorithm to use for hybrid signatures.
         Currently, ML-DSA is the only supported key type.
@@ -517,24 +528,24 @@ class _SecretBackendKeyState:
         return pulumi.get(self, "hybrid_key_type_pqc")
     @hybrid_key_type_pqc.setter
-    def hybrid_key_type_pqc(self, value: Optional[pulumi.Input[builtins.str]]):
+    def hybrid_key_type_pqc(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "hybrid_key_type_pqc", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="keySize")
-    def key_size(self) -> Optional[pulumi.Input[builtins.int]]:
+    def key_size(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
         """
         return pulumi.get(self, "key_size")
     @key_size.setter
-    def key_size(self, value: Optional[pulumi.Input[builtins.int]]):
+    def key_size(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "key_size", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]]:
+    def keys(self) -> Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]]:
         """
         List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
         * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
@@ -543,72 +554,72 @@ class _SecretBackendKeyState:
         return pulumi.get(self, "keys")
     @keys.setter
-    def keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]]):
+    def keys(self, value: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]]):
         pulumi.set(self, "keys", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="latestVersion")
-    def latest_version(self) -> Optional[pulumi.Input[builtins.int]]:
+    def latest_version(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
         """
         return pulumi.get(self, "latest_version")
     @latest_version.setter
-    def latest_version(self, value: Optional[pulumi.Input[builtins.int]]):
+    def latest_version(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "latest_version", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="minAvailableVersion")
-    def min_available_version(self) -> Optional[pulumi.Input[builtins.int]]:
+    def min_available_version(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
         """
         return pulumi.get(self, "min_available_version")
     @min_available_version.setter
-    def min_available_version(self, value: Optional[pulumi.Input[builtins.int]]):
+    def min_available_version(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "min_available_version", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="minDecryptionVersion")
-    def min_decryption_version(self) -> Optional[pulumi.Input[builtins.int]]:
+    def min_decryption_version(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Minimum key version to use for decryption.
         """
         return pulumi.get(self, "min_decryption_version")
     @min_decryption_version.setter
-    def min_decryption_version(self, value: Optional[pulumi.Input[builtins.int]]):
+    def min_decryption_version(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "min_decryption_version", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="minEncryptionVersion")
-    def min_encryption_version(self) -> Optional[pulumi.Input[builtins.int]]:
+    def min_encryption_version(self) -> Optional[pulumi.Input[_builtins.int]]:
         """
         Minimum key version to use for encryption
         """
         return pulumi.get(self, "min_encryption_version")
     @min_encryption_version.setter
-    def min_encryption_version(self, value: Optional[pulumi.Input[builtins.int]]):
+    def min_encryption_version(self, value: Optional[pulumi.Input[_builtins.int]]):
         pulumi.set(self, "min_encryption_version", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> Optional[pulumi.Input[builtins.str]]:
+    def name(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The name to identify this key within the backend. Must be unique within the backend.
         """
         return pulumi.get(self, "name")
     @name.setter
-    def name(self, value: Optional[pulumi.Input[builtins.str]]):
+    def name(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "name", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> Optional[pulumi.Input[builtins.str]]:
+    def namespace(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -618,81 +629,85 @@ class _SecretBackendKeyState:
         return pulumi.get(self, "namespace")
     @namespace.setter
-    def namespace(self, value: Optional[pulumi.Input[builtins.str]]):
+    def namespace(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "namespace", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="parameterSet")
-    def parameter_set(self) -> Optional[pulumi.Input[builtins.str]]:
+    def parameter_set(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
-        The parameter set to use for ML-DSA. Required for
-        ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
+        The parameter set to use for ML-DSA or SLH-DSA. Required for
+        ML-DSA, hybrid, and SLH-DSA keys.
+        Valid values for ML-DSA are `44`, `65`, and `87`.
+        Valid values for SLH-DSA are `slh-dsa-sha2-128s`, `slh-dsa-shake-128s`, `slh-dsa-sha2-128f`, `slh-dsa-shake-128`, `slh-dsa-sha2-192s`,
+        `slh-dsa-shake-192s`, `slh-dsa-sha2-192f`, `slh-dsa-shake-192f`, `slh-dsa-sha2-256s`, `slh-dsa-shake-256s`,
+        `slh-dsa-sha2-256f`, and `slh-dsa-shake-256f`.
         """
         return pulumi.get(self, "parameter_set")
     @parameter_set.setter
-    def parameter_set(self, value: Optional[pulumi.Input[builtins.str]]):
+    def parameter_set(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "parameter_set", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportsDecryption")
-    def supports_decryption(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def supports_decryption(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Whether or not the key supports decryption, based on key type.
         """
         return pulumi.get(self, "supports_decryption")
     @supports_decryption.setter
-    def supports_decryption(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def supports_decryption(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "supports_decryption", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportsDerivation")
-    def supports_derivation(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def supports_derivation(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Whether or not the key supports derivation, based on key type.
         """
         return pulumi.get(self, "supports_derivation")
     @supports_derivation.setter
-    def supports_derivation(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def supports_derivation(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "supports_derivation", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportsEncryption")
-    def supports_encryption(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def supports_encryption(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Whether or not the key supports encryption, based on key type.
         """
         return pulumi.get(self, "supports_encryption")
     @supports_encryption.setter
-    def supports_encryption(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def supports_encryption(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "supports_encryption", value)
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportsSigning")
-    def supports_signing(self) -> Optional[pulumi.Input[builtins.bool]]:
+    def supports_signing(self) -> Optional[pulumi.Input[_builtins.bool]]:
         """
         Whether or not the key supports signing, based on key type.
         """
         return pulumi.get(self, "supports_signing")
     @supports_signing.setter
-    def supports_signing(self, value: Optional[pulumi.Input[builtins.bool]]):
+    def supports_signing(self, value: Optional[pulumi.Input[_builtins.bool]]):
         pulumi.set(self, "supports_signing", value)
-    @property
+    @_builtins.property
     @pulumi.getter
-    def type(self) -> Optional[pulumi.Input[builtins.str]]:
+    def type(self) -> Optional[pulumi.Input[_builtins.str]]:
         """
-        Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
+        Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072`, `rsa-4096`, `managed_key`, `aes128-cmac`, `aes192-cmac`, `aes256-cmac`, `ml-dsa`, `hybrid`, and `slh-dsa`.
         * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
         """
         return pulumi.get(self, "type")
     @type.setter
-    def type(self, value: Optional[pulumi.Input[builtins.str]]):
+    def type(self, value: Optional[pulumi.Input[_builtins.str]]):
         pulumi.set(self, "type", value)
@@ -702,22 +717,22 @@ class SecretBackendKey(pulumi.CustomResource):
     def __init__(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
-                 auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
-                 backend: Optional[pulumi.Input[builtins.str]] = None,
-                 convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
-                 deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
-                 derived: Optional[pulumi.Input[builtins.bool]] = None,
-                 exportable: Optional[pulumi.Input[builtins.bool]] = None,
-                 hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
-                 hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
-                 key_size: Optional[pulumi.Input[builtins.int]] = None,
-                 min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
-                 min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 parameter_set: Optional[pulumi.Input[builtins.str]] = None,
-                 type: Optional[pulumi.Input[builtins.str]] = None,
+                 allow_plaintext_backup: Optional[pulumi.Input[_builtins.bool]] = None,
+                 auto_rotate_period: Optional[pulumi.Input[_builtins.int]] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 convergent_encryption: Optional[pulumi.Input[_builtins.bool]] = None,
+                 deletion_allowed: Optional[pulumi.Input[_builtins.bool]] = None,
+                 derived: Optional[pulumi.Input[_builtins.bool]] = None,
+                 exportable: Optional[pulumi.Input[_builtins.bool]] = None,
+                 hybrid_key_type_ec: Optional[pulumi.Input[_builtins.str]] = None,
+                 hybrid_key_type_pqc: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_size: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_decryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_encryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 parameter_set: Optional[pulumi.Input[_builtins.str]] = None,
+                 type: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         """
         Creates an Encryption Keyring on a Transit Secret Backend for Vault.
@@ -749,30 +764,34 @@ class SecretBackendKey(pulumi.CustomResource):
         :param str resource_name: The name of the resource.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
+        :param pulumi.Input[_builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
                * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
-        :param pulumi.Input[builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
+        :param pulumi.Input[_builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
                A value of 0 disables automatic rotation for the key.
-        :param pulumi.Input[builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
-        :param pulumi.Input[builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
-        :param pulumi.Input[builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
-        :param pulumi.Input[builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
-        :param pulumi.Input[builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
-        :param pulumi.Input[builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
+        :param pulumi.Input[_builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
+        :param pulumi.Input[_builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
+        :param pulumi.Input[_builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
+        :param pulumi.Input[_builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
+        :param pulumi.Input[_builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
                Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
-        :param pulumi.Input[builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
+        :param pulumi.Input[_builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
                Currently, ML-DSA is the only supported key type.
-        :param pulumi.Input[builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
-        :param pulumi.Input[builtins.int] min_decryption_version: Minimum key version to use for decryption.
-        :param pulumi.Input[builtins.int] min_encryption_version: Minimum key version to use for encryption
-        :param pulumi.Input[builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
+        :param pulumi.Input[_builtins.int] min_decryption_version: Minimum key version to use for decryption.
+        :param pulumi.Input[_builtins.int] min_encryption_version: Minimum key version to use for encryption
+        :param pulumi.Input[_builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
-               ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
-        :param pulumi.Input[builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
+        :param pulumi.Input[_builtins.str] parameter_set: The parameter set to use for ML-DSA or SLH-DSA. Required for
+               ML-DSA, hybrid, and SLH-DSA keys.
+               Valid values for ML-DSA are `44`, `65`, and `87`.
+               Valid values for SLH-DSA are `slh-dsa-sha2-128s`, `slh-dsa-shake-128s`, `slh-dsa-sha2-128f`, `slh-dsa-shake-128`, `slh-dsa-sha2-192s`,
+               `slh-dsa-shake-192s`, `slh-dsa-sha2-192f`, `slh-dsa-shake-192f`, `slh-dsa-sha2-256s`, `slh-dsa-shake-256s`,
+               `slh-dsa-sha2-256f`, and `slh-dsa-shake-256f`.
+        :param pulumi.Input[_builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072`, `rsa-4096`, `managed_key`, `aes128-cmac`, `aes192-cmac`, `aes256-cmac`, `ml-dsa`, `hybrid`, and `slh-dsa`.
                * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
         """
         ...
@@ -824,22 +843,22 @@ class SecretBackendKey(pulumi.CustomResource):
     def _internal_init(__self__,
                  resource_name: str,
                  opts: Optional[pulumi.ResourceOptions] = None,
-                 allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
-                 auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
-                 backend: Optional[pulumi.Input[builtins.str]] = None,
-                 convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
-                 deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
-                 derived: Optional[pulumi.Input[builtins.bool]] = None,
-                 exportable: Optional[pulumi.Input[builtins.bool]] = None,
-                 hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
-                 hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
-                 key_size: Optional[pulumi.Input[builtins.int]] = None,
-                 min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
-                 min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
-                 name: Optional[pulumi.Input[builtins.str]] = None,
-                 namespace: Optional[pulumi.Input[builtins.str]] = None,
-                 parameter_set: Optional[pulumi.Input[builtins.str]] = None,
-                 type: Optional[pulumi.Input[builtins.str]] = None,
+                 allow_plaintext_backup: Optional[pulumi.Input[_builtins.bool]] = None,
+                 auto_rotate_period: Optional[pulumi.Input[_builtins.int]] = None,
+                 backend: Optional[pulumi.Input[_builtins.str]] = None,
+                 convergent_encryption: Optional[pulumi.Input[_builtins.bool]] = None,
+                 deletion_allowed: Optional[pulumi.Input[_builtins.bool]] = None,
+                 derived: Optional[pulumi.Input[_builtins.bool]] = None,
+                 exportable: Optional[pulumi.Input[_builtins.bool]] = None,
+                 hybrid_key_type_ec: Optional[pulumi.Input[_builtins.str]] = None,
+                 hybrid_key_type_pqc: Optional[pulumi.Input[_builtins.str]] = None,
+                 key_size: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_decryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 min_encryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+                 name: Optional[pulumi.Input[_builtins.str]] = None,
+                 namespace: Optional[pulumi.Input[_builtins.str]] = None,
+                 parameter_set: Optional[pulumi.Input[_builtins.str]] = None,
+                 type: Optional[pulumi.Input[_builtins.str]] = None,
                  __props__=None):
         opts = pulumi.ResourceOptions.merge(_utilities.get_resource_opts_defaults(), opts)
         if not isinstance(opts, pulumi.ResourceOptions):
@@ -884,29 +903,29 @@ class SecretBackendKey(pulumi.CustomResource):
     def get(resource_name: str,
             id: pulumi.Input[str],
             opts: Optional[pulumi.ResourceOptions] = None,
-            allow_plaintext_backup: Optional[pulumi.Input[builtins.bool]] = None,
-            auto_rotate_period: Optional[pulumi.Input[builtins.int]] = None,
-            backend: Optional[pulumi.Input[builtins.str]] = None,
-            convergent_encryption: Optional[pulumi.Input[builtins.bool]] = None,
-            deletion_allowed: Optional[pulumi.Input[builtins.bool]] = None,
-            derived: Optional[pulumi.Input[builtins.bool]] = None,
-            exportable: Optional[pulumi.Input[builtins.bool]] = None,
-            hybrid_key_type_ec: Optional[pulumi.Input[builtins.str]] = None,
-            hybrid_key_type_pqc: Optional[pulumi.Input[builtins.str]] = None,
-            key_size: Optional[pulumi.Input[builtins.int]] = None,
-            keys: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]]] = None,
-            latest_version: Optional[pulumi.Input[builtins.int]] = None,
-            min_available_version: Optional[pulumi.Input[builtins.int]] = None,
-            min_decryption_version: Optional[pulumi.Input[builtins.int]] = None,
-            min_encryption_version: Optional[pulumi.Input[builtins.int]] = None,
-            name: Optional[pulumi.Input[builtins.str]] = None,
-            namespace: Optional[pulumi.Input[builtins.str]] = None,
-            parameter_set: Optional[pulumi.Input[builtins.str]] = None,
-            supports_decryption: Optional[pulumi.Input[builtins.bool]] = None,
-            supports_derivation: Optional[pulumi.Input[builtins.bool]] = None,
-            supports_encryption: Optional[pulumi.Input[builtins.bool]] = None,
-            supports_signing: Optional[pulumi.Input[builtins.bool]] = None,
-            type: Optional[pulumi.Input[builtins.str]] = None) -> 'SecretBackendKey':
+            allow_plaintext_backup: Optional[pulumi.Input[_builtins.bool]] = None,
+            auto_rotate_period: Optional[pulumi.Input[_builtins.int]] = None,
+            backend: Optional[pulumi.Input[_builtins.str]] = None,
+            convergent_encryption: Optional[pulumi.Input[_builtins.bool]] = None,
+            deletion_allowed: Optional[pulumi.Input[_builtins.bool]] = None,
+            derived: Optional[pulumi.Input[_builtins.bool]] = None,
+            exportable: Optional[pulumi.Input[_builtins.bool]] = None,
+            hybrid_key_type_ec: Optional[pulumi.Input[_builtins.str]] = None,
+            hybrid_key_type_pqc: Optional[pulumi.Input[_builtins.str]] = None,
+            key_size: Optional[pulumi.Input[_builtins.int]] = None,
+            keys: Optional[pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]]] = None,
+            latest_version: Optional[pulumi.Input[_builtins.int]] = None,
+            min_available_version: Optional[pulumi.Input[_builtins.int]] = None,
+            min_decryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+            min_encryption_version: Optional[pulumi.Input[_builtins.int]] = None,
+            name: Optional[pulumi.Input[_builtins.str]] = None,
+            namespace: Optional[pulumi.Input[_builtins.str]] = None,
+            parameter_set: Optional[pulumi.Input[_builtins.str]] = None,
+            supports_decryption: Optional[pulumi.Input[_builtins.bool]] = None,
+            supports_derivation: Optional[pulumi.Input[_builtins.bool]] = None,
+            supports_encryption: Optional[pulumi.Input[_builtins.bool]] = None,
+            supports_signing: Optional[pulumi.Input[_builtins.bool]] = None,
+            type: Optional[pulumi.Input[_builtins.str]] = None) -> 'SecretBackendKey':
         """
         Get an existing SecretBackendKey resource's state with the given name, id, and optional extra
         properties used to qualify the lookup.
@@ -914,39 +933,43 @@ class SecretBackendKey(pulumi.CustomResource):
         :param str resource_name: The unique name of the resulting resource.
         :param pulumi.Input[str] id: The unique provider ID of the resource to lookup.
         :param pulumi.ResourceOptions opts: Options for the resource.
-        :param pulumi.Input[builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
+        :param pulumi.Input[_builtins.bool] allow_plaintext_backup: Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
                * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
-        :param pulumi.Input[builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
+        :param pulumi.Input[_builtins.int] auto_rotate_period: Amount of seconds the key should live before being automatically rotated.
                A value of 0 disables automatic rotation for the key.
-        :param pulumi.Input[builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
-        :param pulumi.Input[builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
-        :param pulumi.Input[builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
-        :param pulumi.Input[builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
-        :param pulumi.Input[builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
-        :param pulumi.Input[builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
+        :param pulumi.Input[_builtins.str] backend: The path the transit secret backend is mounted at, with no leading or trailing `/`s.
+        :param pulumi.Input[_builtins.bool] convergent_encryption: Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
+        :param pulumi.Input[_builtins.bool] deletion_allowed: Specifies if the key is allowed to be deleted.
+        :param pulumi.Input[_builtins.bool] derived: Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
+        :param pulumi.Input[_builtins.bool] exportable: Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
+        :param pulumi.Input[_builtins.str] hybrid_key_type_ec: The elliptic curve algorithm to use for hybrid signatures.
                Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
-        :param pulumi.Input[builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
+        :param pulumi.Input[_builtins.str] hybrid_key_type_pqc: The post-quantum algorithm to use for hybrid signatures.
                Currently, ML-DSA is the only supported key type.
-        :param pulumi.Input[builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
-        :param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[builtins.str]]]]] keys: List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
+        :param pulumi.Input[_builtins.int] key_size: The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
+        :param pulumi.Input[Sequence[pulumi.Input[Mapping[str, pulumi.Input[_builtins.str]]]]] keys: List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
                * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
                * for key types `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `rsa-2048`, `rsa-3072` and `rsa-4096`, each key version will be a map of the following:
-        :param pulumi.Input[builtins.int] latest_version: Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
-        :param pulumi.Input[builtins.int] min_available_version: Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
-        :param pulumi.Input[builtins.int] min_decryption_version: Minimum key version to use for decryption.
-        :param pulumi.Input[builtins.int] min_encryption_version: Minimum key version to use for encryption
-        :param pulumi.Input[builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
-        :param pulumi.Input[builtins.str] namespace: The namespace to provision the resource in.
+        :param pulumi.Input[_builtins.int] latest_version: Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
+        :param pulumi.Input[_builtins.int] min_available_version: Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
+        :param pulumi.Input[_builtins.int] min_decryption_version: Minimum key version to use for decryption.
+        :param pulumi.Input[_builtins.int] min_encryption_version: Minimum key version to use for encryption
+        :param pulumi.Input[_builtins.str] name: The name to identify this key within the backend. Must be unique within the backend.
+        :param pulumi.Input[_builtins.str] namespace: The namespace to provision the resource in.
                The value should not contain leading or trailing forward slashes.
                The `namespace` is always relative to the provider's configured [namespace](https://www.terraform.io/docs/providers/vault/index.html#namespace).
                *Available only for Vault Enterprise*.
-        :param pulumi.Input[builtins.str] parameter_set: The parameter set to use for ML-DSA. Required for
-               ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
-        :param pulumi.Input[builtins.bool] supports_decryption: Whether or not the key supports decryption, based on key type.
-        :param pulumi.Input[builtins.bool] supports_derivation: Whether or not the key supports derivation, based on key type.
-        :param pulumi.Input[builtins.bool] supports_encryption: Whether or not the key supports encryption, based on key type.
-        :param pulumi.Input[builtins.bool] supports_signing: Whether or not the key supports signing, based on key type.
-        :param pulumi.Input[builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
+        :param pulumi.Input[_builtins.str] parameter_set: The parameter set to use for ML-DSA or SLH-DSA. Required for
+               ML-DSA, hybrid, and SLH-DSA keys.
+               Valid values for ML-DSA are `44`, `65`, and `87`.
+               Valid values for SLH-DSA are `slh-dsa-sha2-128s`, `slh-dsa-shake-128s`, `slh-dsa-sha2-128f`, `slh-dsa-shake-128`, `slh-dsa-sha2-192s`,
+               `slh-dsa-shake-192s`, `slh-dsa-sha2-192f`, `slh-dsa-shake-192f`, `slh-dsa-sha2-256s`, `slh-dsa-shake-256s`,
+               `slh-dsa-sha2-256f`, and `slh-dsa-shake-256f`.
+        :param pulumi.Input[_builtins.bool] supports_decryption: Whether or not the key supports decryption, based on key type.
+        :param pulumi.Input[_builtins.bool] supports_derivation: Whether or not the key supports derivation, based on key type.
+        :param pulumi.Input[_builtins.bool] supports_encryption: Whether or not the key supports encryption, based on key type.
+        :param pulumi.Input[_builtins.bool] supports_signing: Whether or not the key supports signing, based on key type.
+        :param pulumi.Input[_builtins.str] type: Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072`, `rsa-4096`, `managed_key`, `aes128-cmac`, `aes192-cmac`, `aes256-cmac`, `ml-dsa`, `hybrid`, and `slh-dsa`.
                * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
         """
         opts = pulumi.ResourceOptions.merge(opts, pulumi.ResourceOptions(id=id))
@@ -978,93 +1001,93 @@ class SecretBackendKey(pulumi.CustomResource):
         __props__.__dict__["type"] = type
         return SecretBackendKey(resource_name, opts=opts, __props__=__props__)
-    @property
+    @_builtins.property
     @pulumi.getter(name="allowPlaintextBackup")
-    def allow_plaintext_backup(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def allow_plaintext_backup(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Enables taking backup of entire keyring in the plaintext format. Once set, this cannot be disabled.
         * Refer to Vault API documentation on key backups for more information: [Backup Key](https://www.vaultproject.io/api-docs/secret/transit#backup-key)
         """
         return pulumi.get(self, "allow_plaintext_backup")
-    @property
+    @_builtins.property
     @pulumi.getter(name="autoRotatePeriod")
-    def auto_rotate_period(self) -> pulumi.Output[builtins.int]:
+    def auto_rotate_period(self) -> pulumi.Output[_builtins.int]:
         """
         Amount of seconds the key should live before being automatically rotated.
         A value of 0 disables automatic rotation for the key.
         """
         return pulumi.get(self, "auto_rotate_period")
-    @property
+    @_builtins.property
     @pulumi.getter
-    def backend(self) -> pulumi.Output[builtins.str]:
+    def backend(self) -> pulumi.Output[_builtins.str]:
         """
         The path the transit secret backend is mounted at, with no leading or trailing `/`s.
         """
         return pulumi.get(self, "backend")
-    @property
+    @_builtins.property
     @pulumi.getter(name="convergentEncryption")
-    def convergent_encryption(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def convergent_encryption(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Whether or not to support convergent encryption, where the same plaintext creates the same ciphertext. This requires `derived` to be set to `true`.
         """
         return pulumi.get(self, "convergent_encryption")
-    @property
+    @_builtins.property
     @pulumi.getter(name="deletionAllowed")
-    def deletion_allowed(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def deletion_allowed(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Specifies if the key is allowed to be deleted.
         """
         return pulumi.get(self, "deletion_allowed")
-    @property
+    @_builtins.property
     @pulumi.getter
-    def derived(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def derived(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Specifies if key derivation is to be used. If enabled, all encrypt/decrypt requests to this key must provide a context which is used for key derivation.
         """
         return pulumi.get(self, "derived")
-    @property
+    @_builtins.property
     @pulumi.getter
-    def exportable(self) -> pulumi.Output[Optional[builtins.bool]]:
+    def exportable(self) -> pulumi.Output[Optional[_builtins.bool]]:
         """
         Enables keys to be exportable. This allows for all valid private keys in the keyring to be exported. Once set, this cannot be disabled.
         """
         return pulumi.get(self, "exportable")
-    @property
+    @_builtins.property
     @pulumi.getter(name="hybridKeyTypeEc")
-    def hybrid_key_type_ec(self) -> pulumi.Output[Optional[builtins.str]]:
+    def hybrid_key_type_ec(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The elliptic curve algorithm to use for hybrid signatures.
         Supported key types are `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, and `ed25519`.
         """
         return pulumi.get(self, "hybrid_key_type_ec")
-    @property
+    @_builtins.property
     @pulumi.getter(name="hybridKeyTypePqc")
-    def hybrid_key_type_pqc(self) -> pulumi.Output[Optional[builtins.str]]:
+    def hybrid_key_type_pqc(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The post-quantum algorithm to use for hybrid signatures.
         Currently, ML-DSA is the only supported key type.
         """
         return pulumi.get(self, "hybrid_key_type_pqc")
-    @property
+    @_builtins.property
     @pulumi.getter(name="keySize")
-    def key_size(self) -> pulumi.Output[Optional[builtins.int]]:
+    def key_size(self) -> pulumi.Output[Optional[_builtins.int]]:
         """
         The key size in bytes for algorithms that allow variable key sizes. Currently only applicable to HMAC, where it must be between 32 and 512 bytes.
         """
         return pulumi.get(self, "key_size")
-    @property
+    @_builtins.property
     @pulumi.getter
-    def keys(self) -> pulumi.Output[Sequence[Mapping[str, builtins.str]]]:
+    def keys(self) -> pulumi.Output[Sequence[Mapping[str, _builtins.str]]]:
         """
         List of key versions in the keyring. This attribute is zero-indexed and will contain a map of values depending on the `type` of the encryption key.
         * for key types `aes128-gcm96`, `aes256-gcm96` and `chacha20-poly1305`, each key version will be a map of a single value `id` which is just a hash of the key's metadata.
@@ -1072,49 +1095,49 @@ class SecretBackendKey(pulumi.CustomResource):
         """
         return pulumi.get(self, "keys")
-    @property
+    @_builtins.property
     @pulumi.getter(name="latestVersion")
-    def latest_version(self) -> pulumi.Output[builtins.int]:
+    def latest_version(self) -> pulumi.Output[_builtins.int]:
         """
         Latest key version available. This value is 1-indexed, so if `latest_version` is `1`, then the key's information can be referenced from `keys` by selecting element `0`
         """
         return pulumi.get(self, "latest_version")
-    @property
+    @_builtins.property
     @pulumi.getter(name="minAvailableVersion")
-    def min_available_version(self) -> pulumi.Output[builtins.int]:
+    def min_available_version(self) -> pulumi.Output[_builtins.int]:
         """
         Minimum key version available for use. If keys have been archived by increasing `min_decryption_version`, this attribute will reflect that change.
         """
         return pulumi.get(self, "min_available_version")
-    @property
+    @_builtins.property
     @pulumi.getter(name="minDecryptionVersion")
-    def min_decryption_version(self) -> pulumi.Output[Optional[builtins.int]]:
+    def min_decryption_version(self) -> pulumi.Output[Optional[_builtins.int]]:
         """
         Minimum key version to use for decryption.
         """
         return pulumi.get(self, "min_decryption_version")
-    @property
+    @_builtins.property
     @pulumi.getter(name="minEncryptionVersion")
-    def min_encryption_version(self) -> pulumi.Output[Optional[builtins.int]]:
+    def min_encryption_version(self) -> pulumi.Output[Optional[_builtins.int]]:
         """
         Minimum key version to use for encryption
         """
         return pulumi.get(self, "min_encryption_version")
-    @property
+    @_builtins.property
     @pulumi.getter
-    def name(self) -> pulumi.Output[builtins.str]:
+    def name(self) -> pulumi.Output[_builtins.str]:
         """
         The name to identify this key within the backend. Must be unique within the backend.
         """
         return pulumi.get(self, "name")
-    @property
+    @_builtins.property
     @pulumi.getter
-    def namespace(self) -> pulumi.Output[Optional[builtins.str]]:
+    def namespace(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
         The namespace to provision the resource in.
         The value should not contain leading or trailing forward slashes.
@@ -1123,52 +1146,56 @@ class SecretBackendKey(pulumi.CustomResource):
         """
         return pulumi.get(self, "namespace")
-    @property
+    @_builtins.property
     @pulumi.getter(name="parameterSet")
-    def parameter_set(self) -> pulumi.Output[Optional[builtins.str]]:
+    def parameter_set(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
-        The parameter set to use for ML-DSA. Required for
-        ML-DSA and hybrid keys. Valid values are `44`, `65`, and `87`.
+        The parameter set to use for ML-DSA or SLH-DSA. Required for
+        ML-DSA, hybrid, and SLH-DSA keys.
+        Valid values for ML-DSA are `44`, `65`, and `87`.
+        Valid values for SLH-DSA are `slh-dsa-sha2-128s`, `slh-dsa-shake-128s`, `slh-dsa-sha2-128f`, `slh-dsa-shake-128`, `slh-dsa-sha2-192s`,
+        `slh-dsa-shake-192s`, `slh-dsa-sha2-192f`, `slh-dsa-shake-192f`, `slh-dsa-sha2-256s`, `slh-dsa-shake-256s`,
+        `slh-dsa-sha2-256f`, and `slh-dsa-shake-256f`.
         """
         return pulumi.get(self, "parameter_set")
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportsDecryption")
-    def supports_decryption(self) -> pulumi.Output[builtins.bool]:
+    def supports_decryption(self) -> pulumi.Output[_builtins.bool]:
         """
         Whether or not the key supports decryption, based on key type.
         """
         return pulumi.get(self, "supports_decryption")
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportsDerivation")
-    def supports_derivation(self) -> pulumi.Output[builtins.bool]:
+    def supports_derivation(self) -> pulumi.Output[_builtins.bool]:
         """
         Whether or not the key supports derivation, based on key type.
         """
         return pulumi.get(self, "supports_derivation")
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportsEncryption")
-    def supports_encryption(self) -> pulumi.Output[builtins.bool]:
+    def supports_encryption(self) -> pulumi.Output[_builtins.bool]:
         """
         Whether or not the key supports encryption, based on key type.
         """
         return pulumi.get(self, "supports_encryption")
-    @property
+    @_builtins.property
     @pulumi.getter(name="supportsSigning")
-    def supports_signing(self) -> pulumi.Output[builtins.bool]:
+    def supports_signing(self) -> pulumi.Output[_builtins.bool]:
         """
         Whether or not the key supports signing, based on key type.
         """
         return pulumi.get(self, "supports_signing")
-    @property
+    @_builtins.property
     @pulumi.getter
-    def type(self) -> pulumi.Output[Optional[builtins.str]]:
+    def type(self) -> pulumi.Output[Optional[_builtins.str]]:
         """
-        Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072` and `rsa-4096`.
+        Specifies the type of key to create. The currently-supported types are: `aes128-gcm96`, `aes256-gcm96` (default), `chacha20-poly1305`, `ed25519`, `ecdsa-p256`, `ecdsa-p384`, `ecdsa-p521`, `hmac`, `rsa-2048`, `rsa-3072`, `rsa-4096`, `managed_key`, `aes128-cmac`, `aes192-cmac`, `aes256-cmac`, `ml-dsa`, `hybrid`, and `slh-dsa`.
         * Refer to the Vault documentation on transit key types for more information: [Key Types](https://www.vaultproject.io/docs/secrets/transit#key-types)
         """
         return pulumi.get(self, "type")

pulumi-vault 7.1.0__py3-none-any.whl → 7.2.0__py3-none-any.whl

pulumi-vault 7.1.0py3-none-any.whl → 7.2.0py3-none-any.whl